Experts say it over and over again, because it’s true: One of the best ways to ensure security is to keep all operating systems and applications up to date. But a recent Cisco Systems survey found an amazing number of organizations still running an old version of Java.

Use the regulars

That is, the regular defences: Anti-virus, anti-malware, anti-spyware. they’re not old fashioned — yet. They offer good, basic protection that every organization still needs

Communicate

Make sure staff know what your security policies are. “If they don’t know they have an excuse” when things go wrong, Papadopoulos said.

Check it twice

Eighty per cent of vulnerabilities are created because someone misconfigured something, Papadopoulos said. Lesson: Double-check changes to security configurations before making them live.

Play doctor

Run regular health and security checks against key applications, Papadopoulos said. That way you know if you need to patch.

“Think like a firewall”

Remember, says Papadopoulos said, the first option in set-up is “deny all.” And that’s where you should start. Then think about what data you want users to have access to.

Be prepared

Most incident response plans aren’t very comprehensive, said Weatherhead. IT staff at one financial institution he knows of had lots of security policies, but when it was hit with an intrusion staff panicked and shut off firewalls and Web servers. Not good for business.

Close the door

When staff leave make sure their access is cut. “You don’t want your data leaving with them,” said Papadopoulos. However, many organizations fail to remember this basic fact.

With reports about data breaches capturing headlines in the last month we thought it time to revisit advice offered at last fall’s Technicity event in Toronto, which focused on cyber security. Andy Papadopoulos, president of systems integrator Navantis, and Paul Weatherhead, CTO of Digial Boundary, offered tips to improve enterprise security. “It’s the small stuff that will eventually bite you in the butt,” said Papadopoulos. All images from Shutterstock

Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Award Winning Journalism

About Us

The Content Experts

For almost three decades we have been building solid relationships with Canada’s IT professionals by delivering timely, incisive information that helps them succeed in their jobs. Today, more than 75,000 IT executives and professionals – representing 70 per cent of the buying power in Canada – turn to us for the information they trust.